From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lutz Pressler
Date: Fri, 14 Dec 2001 07:36:17 +0000
Subject: Re: [LARTC] tc: u32 match in nexthdr not working?
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Fri, 14 Dec 2001, bert hubert wrote:

> On Thu, Dec 13, 2001 at 08:46:57PM +0100, Lutz Pressler wrote:
>
> > The following has no effect on 2.4.16 or older (even 2.2) kernels:
> >
> > # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match tcp
> > dst 3128 0xffff police rate 40kbit burst 10k drop flowid :1
>
> Double check what this means! This limits speed of data *coming in to* your
> proxy from a client (browser). That is not a lot - most data will flow the
> other way, and will indeed not be matched.
>
Sorry, that was a typo (I forget that I tried the other way too, to be
complete, before doing the cut&paste). Of course "src 3128"!

> Data being received BY your proxy from the internet is not matched by this
> proxy.
>
> > Even if
> > # tc filter ls dev eth0 parent ffff:
> > filter protocol ip pref 50 u32
> > filter protocol ip pref 50 u32 fh 800: ht divisor 1
>
> > filter protocol ip pref 50 u32 fh 800::800 order 2048 key ht 800 bkt 0
> > flowid :1 police 4 action drop rate 40Kbit burst 10Kb mtu 2Kb
> > match 00000c38/0000ffff at nexthdr+0
and "match 0c380000/ffff0000" here.

> You supply a lot of redundant information. I'm not sure what the '4' means
> in this rule.
Neither do I, haven't set it explicitly. Seems to increase with every
change in policing rules.

> > looks reasonable, TCP connections to port 3128 are not policed.
> >
> > If I use "match ip dst " instead, the policing works.
>
> Your proxy does not necessarily download FROM port 3128!
I did that - as a test, real situation is not about 3128 - on the client,
not the proxy.

  Lutz

-- 
Lutz Pressler         | Tel: ++49-551-3700002
Service Network GmbH  | FAX: ++49-551-3700009
Bahnhofsallee 1b      | mailto:lp@SerNet.DE
D-37081 Goettingen    | http://www.SerNet.DE/